Accepting request 570496 from home:fbui:systemd:Factory
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224) OBS-URL: https://build.opensuse.org/request/show/570496 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1006
parent
ddfb80eac1
commit
fcc2b807d7
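--- a/suse-disable-tmpfs-for-tmp.service
+++ b/suse-disable-tmpfs-for-tmp.service
@@ -0,0 +1,33 @@
+#
+# By default, /tmp doesn't use tmpfs on SUSE distros.
+#
+# This service is either run automatically during the firstboot (i.e.
+# only once) of the system.
+#
+# Or it can also be (manually) started during systemd update (%post)
+# only and only if tmp.mount wasn't already installed by the admin in
+# /usr/lib during %pre. In this case tmp.mount should also masked.
+#
+# In any cases this service will never mask tmp.mount if the service
+# has been created by either the admin or fstab-generator.
+#
+[Unit]
+Description=Mask tmp.mount by default on SUSE systems
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=systemd-remount-fs.service
+Before=tmp.mount
+ConditionPathIsReadWrite=/etc
+ConditionPathExists=!/usr/lib/systemd/system/.disable-tmpfs-for-tmp~done
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/sh -c ' \
+case "$(systemctl show -pFragmentPath tmp.mount)" in \
+FragmentPath=/usr/lib/systemd/system/tmp.mount) \
+systemctl mask --now tmp.mount ;; \
+FragmentPath=/usr/share/systemd/tmp.mount) \
+ln -sf /usr/lib/systemd/system/tmp.mount /etc/systemd/system/ ;; \
+esac'
+ExecStartPost=/usr/bin/touch /usr/lib/systemd/system/.disable-tmpfs-for-tmp~done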
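Review bot: The run-once stamp is written under `/usr/lib/systemd/system` by `ExecStartPost`, but the only writability guard in `[Unit]` is `ConditionPathIsReadWrite=/etc`. On a system where /etc is writable and /usr is mounted read-only, the `touch` would fail, the stamp would never be created, and the unit would most likely end up failed and run again on every boot. Adding `ConditionPathIsReadWrite=/usr/lib/systemd/system` next to the existing condition would make the unit skip cleanly in that case. The header comment would also read better as "should also be masked" and with the dangling "either … Or" sentence joined into one.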
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
|
||||||
|
|
||||||
|
This was done to make sure that tmpfs wouldn't be used for /tmp by
|
||||||
|
defaut in case the dir layout created by the installer did not
|
||||||
|
create a customized tmp.mount.
|
||||||
|
|
||||||
|
But it had the bad side effect to break "rpm -V systemd" and updates
|
||||||
|
of systemd via delta-RPMs.
|
||||||
|
|
||||||
|
Now instead of removing tmp.mount unit file, we mask it (still only
|
||||||
|
if no other tmp.mount would override the default one). It's the
|
||||||
|
official way to disable tmpfs on /tmp after all.
|
||||||
|
|
||||||
|
Since we cannot rely on the presence of fstab during package
|
||||||
|
installations, we introduced a service which is run once on the
|
||||||
|
first boot and which figures out if tmpfs would be used. If so it
|
||||||
|
masks the unit.
|
||||||
|
|
||||||
|
We also handle the upgrade path and make sure to preserve admin's
|
||||||
|
settings (if any).
|
||||||
|
|
||||||
|
Another advantage of this is that we will only need to remove the
|
||||||
|
introduced service the day when tmpfs will be the default for SUSE
|
||||||
|
distros.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
@ -148,6 +148,7 @@ Source7: libgcrypt.m4
|
|||||||
Source11: after-local.service
|
Source11: after-local.service
|
||||||
Source12: systemd-sysv-install
|
Source12: systemd-sysv-install
|
||||||
Source14: kbd-model-map.legacy
|
Source14: kbd-model-map.legacy
|
||||||
|
Source15: suse-disable-tmpfs-for-tmp.service
|
||||||
|
|
||||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||||
@ -513,11 +514,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
|||||||
# customized for openSUSE distros.
|
# customized for openSUSE distros.
|
||||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||||
|
|
||||||
# We keep a copy of tmp.mount because it may be removed if not used
|
# Install the service which will disable/mask tmpfs for /tmp (if
|
||||||
# (see %post): we want to be sure tmpfs won't be used for /tmp by
|
# needed) on first boot.
|
||||||
# default on Suse distros.
|
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
||||||
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
||||||
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
|
||||||
|
|
||||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||||
@ -648,12 +648,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
|||||||
|
|
||||||
%find_lang systemd
|
%find_lang systemd
|
||||||
|
|
||||||
|
# Build of installation images uses a hard coded list of packages with
|
||||||
|
# a %pre that needs to be run during the build. systemd is one of them
|
||||||
|
# so keep the section even if it's empty.
|
||||||
%pre
|
%pre
|
||||||
# Build of installation images uses an hard coded list of some
|
if [ $1 -gt 1 ] ; then
|
||||||
# packages with a %pre that needs to be run during the
|
# Check if tmp.mount has been restored by either the admin or
|
||||||
# build. Unfortunately, systemd in one of them. To make thing simpler
|
# was added at package installation. In both cases do nothing
|
||||||
# we use a %pre section even if it is not needed.
|
# and prevent the service to be executed during %post for the
|
||||||
exit 0
|
# former case.
|
||||||
|
if test -e %{_unitdir}/tmp.mount; then
|
||||||
|
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
# Make /etc/machine-id an empty file during package installation. On
|
# Make /etc/machine-id an empty file during package installation. On
|
||||||
@ -695,16 +702,6 @@ if [ $1 -eq 1 ]; then
|
|||||||
%endif
|
%endif
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
|
||||||
# make sure it wont be activated since it's the default for Suse
|
|
||||||
# distros. This unit can be pulled (implicitely) in various ways
|
|
||||||
# (private /tmp, etc..) and it's required by the basic.target
|
|
||||||
# explicitly since v220.
|
|
||||||
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
|
|
||||||
enabled) ;;
|
|
||||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
|
||||||
esac
|
|
||||||
|
|
||||||
# v228 wrongly set world writable suid root permissions on timestamp
|
# v228 wrongly set world writable suid root permissions on timestamp
|
||||||
# files used by permanent timers. Fix the timestamps that might have
|
# files used by permanent timers. Fix the timestamps that might have
|
||||||
# been created by the affected versions of systemd (bsc#1020601).
|
# been created by the affected versions of systemd (bsc#1020601).
|
||||||
@ -720,23 +717,30 @@ done
|
|||||||
# This includes all hacks needed when upgrading from SysV.
|
# This includes all hacks needed when upgrading from SysV.
|
||||||
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
||||||
|
|
||||||
# Convert /var/lib/machines subvolume to make it suitable for
|
|
||||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
|
||||||
# to create it at installation time.
|
|
||||||
#
|
|
||||||
# The convertion might only be problematic for openSUSE distros
|
|
||||||
# (TW/Factory) where previous versions had already created the
|
|
||||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
|
||||||
# started to populate and use it. In this case we'll let the user fix
|
|
||||||
# it manually.
|
|
||||||
#
|
|
||||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
|
||||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
|
||||||
# is still created at the wrong place due to the call to
|
|
||||||
# tmpfiles_create macro previously however it's empty so there
|
|
||||||
# shouldn't be any issues.
|
|
||||||
if [ $1 -gt 1 ]; then
|
if [ $1 -gt 1 ]; then
|
||||||
|
# Convert /var/lib/machines subvolume to make it suitable for
|
||||||
|
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||||
|
# to create it at installation time.
|
||||||
|
#
|
||||||
|
# The convertion might only be problematic for openSUSE distros
|
||||||
|
# (TW/Factory) where previous versions had already created the
|
||||||
|
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||||
|
# started to populate and use it. In this case we'll let the user fix
|
||||||
|
# it manually.
|
||||||
|
#
|
||||||
|
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||||
|
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||||
|
# is still created at the wrong place due to the call to
|
||||||
|
# tmpfiles_create macro previously however it's empty so there
|
||||||
|
# shouldn't be any issues.
|
||||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||||
|
|
||||||
|
# Should we mask tmpfs ? If tmp.mount was already installed in
|
||||||
|
# /usr/lib then this is a nop as sysadmin restored the unit
|
||||||
|
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
||||||
|
# unit unless it's overriden by a tmp.mount unit installed
|
||||||
|
# either by sysadmin or fstab-generator.
|
||||||
|
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
|
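Review bot: The `%pre` test `if test -e %{_unitdir}/tmp.mount` in the `@ -648,12 +648,19 @@` hunk cannot tell an admin-restored unit from the copy the package now always ships, because this commit stops deleting `tmp.mount` in `%post`. If a later upgrade runs before the first-boot service has run (for example in an image build; this is an assumption, not visible in the hunks), the stamp is written and `tmp.mount` is never masked. Limiting the check to upgrades from a package that predates the service would avoid that, for example `if test -e %{_unitdir}/tmp.mount && ! test -e %{_unitdir}/suse-disable-tmpfs-for-tmp.service; then`. As far as these hunks show, the stamp file is also created outside rpm's file list, so a `%ghost` entry in `%files` would keep it tracked and removed with the package. The same scriptlet appears as `@ -646,12 +646,19 @@` in the systemd.spec section further down.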
@ -1,3 +1,31 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 29 09:52:50 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
- Do not optionally remove /usr/lib/systemd/system/tmp.mnt anymore (bsc#1071224)
|
||||||
|
|
||||||
|
This was done to make sure that tmpfs wouldn't be used for /tmp by
|
||||||
|
defaut in case the dir layout created by the installer did not
|
||||||
|
create a customized tmp.mount.
|
||||||
|
|
||||||
|
But it had the bad side effect to break "rpm -V systemd" and updates
|
||||||
|
of systemd via delta-RPMs.
|
||||||
|
|
||||||
|
Now instead of removing tmp.mount unit file, we mask it (still only
|
||||||
|
if no other tmp.mount would override the default one). It's the
|
||||||
|
official way to disable tmpfs on /tmp after all.
|
||||||
|
|
||||||
|
Since we cannot rely on the presence of fstab during package
|
||||||
|
installations, we introduced a service which is run once on the
|
||||||
|
first boot and which figures out if tmpfs would be used. If so it
|
||||||
|
masks the unit.
|
||||||
|
|
||||||
|
We also handle the upgrade path and make sure to preserve admin's
|
||||||
|
settings (if any).
|
||||||
|
|
||||||
|
Another advantage of this is that we will only need to remove the
|
||||||
|
introduced service the day when tmpfs will be the default for SUSE
|
||||||
|
distros.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
Fri Jan 26 14:40:38 UTC 2018 - fbui@suse.com
|
||||||
|
|
||||||
|
74
systemd.spec
74
systemd.spec
@ -146,6 +146,7 @@ Source7: libgcrypt.m4
|
|||||||
Source11: after-local.service
|
Source11: after-local.service
|
||||||
Source12: systemd-sysv-install
|
Source12: systemd-sysv-install
|
||||||
Source14: kbd-model-map.legacy
|
Source14: kbd-model-map.legacy
|
||||||
|
Source15: suse-disable-tmpfs-for-tmp.service
|
||||||
|
|
||||||
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
Source100: scripts-systemd-fix-machines-btrfs-subvol.sh
|
||||||
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
Source101: scripts-systemd-upgrade-from-pre-210.sh
|
||||||
@ -511,11 +512,10 @@ rm -f %{buildroot}/etc/systemd/system/default.target
|
|||||||
# customized for openSUSE distros.
|
# customized for openSUSE distros.
|
||||||
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
install -m0644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/
|
||||||
|
|
||||||
# We keep a copy of tmp.mount because it may be removed if not used
|
# Install the service which will disable/mask tmpfs for /tmp (if
|
||||||
# (see %post): we want to be sure tmpfs won't be used for /tmp by
|
# needed) on first boot.
|
||||||
# default on Suse distros.
|
install -m0644 -D %{S:15} %{buildroot}/%{_prefix}/lib/systemd/system/suse-disable-tmpfs-for-tmp.service
|
||||||
rm %{buildroot}/%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount
|
ln -s ../suse-disable-tmpfs-for-tmp.service %{buildroot}/%{_prefix}/lib/systemd/system/sysinit.target.wants/
|
||||||
cp %{buildroot}/%{_prefix}/lib/systemd/system/tmp.mount %{buildroot}/%{_datadir}/systemd/
|
|
||||||
|
|
||||||
# don't enable wall ask password service, it spams every console (bnc#747783)
|
# don't enable wall ask password service, it spams every console (bnc#747783)
|
||||||
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
rm %{buildroot}%{_prefix}/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
|
||||||
@ -646,12 +646,19 @@ cat %{S:14} >>%{buildroot}%{_datarootdir}/systemd/kbd-model-map
|
|||||||
|
|
||||||
%find_lang systemd
|
%find_lang systemd
|
||||||
|
|
||||||
|
# Build of installation images uses a hard coded list of packages with
|
||||||
|
# a %pre that needs to be run during the build. systemd is one of them
|
||||||
|
# so keep the section even if it's empty.
|
||||||
%pre
|
%pre
|
||||||
# Build of installation images uses an hard coded list of some
|
if [ $1 -gt 1 ] ; then
|
||||||
# packages with a %pre that needs to be run during the
|
# Check if tmp.mount has been restored by either the admin or
|
||||||
# build. Unfortunately, systemd in one of them. To make thing simpler
|
# was added at package installation. In both cases do nothing
|
||||||
# we use a %pre section even if it is not needed.
|
# and prevent the service to be executed during %post for the
|
||||||
exit 0
|
# former case.
|
||||||
|
if test -e %{_unitdir}/tmp.mount; then
|
||||||
|
touch %{_unitdir}/.disable-tmpfs-for-tmp~done
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
%post
|
%post
|
||||||
# Make /etc/machine-id an empty file during package installation. On
|
# Make /etc/machine-id an empty file during package installation. On
|
||||||
@ -693,16 +700,6 @@ if [ $1 -eq 1 ]; then
|
|||||||
%endif
|
%endif
|
||||||
fi >/dev/null
|
fi >/dev/null
|
||||||
|
|
||||||
# Keep tmp.mount if it's been enabled explicitly by the user otherwise
|
|
||||||
# make sure it wont be activated since it's the default for Suse
|
|
||||||
# distros. This unit can be pulled (implicitely) in various ways
|
|
||||||
# (private /tmp, etc..) and it's required by the basic.target
|
|
||||||
# explicitly since v220.
|
|
||||||
case $(systemctl is-enabled tmp.mount 2>/dev/null) in
|
|
||||||
enabled) ;;
|
|
||||||
*) rm -f %{_prefix}/lib/systemd/system/tmp.mount
|
|
||||||
esac
|
|
||||||
|
|
||||||
# v228 wrongly set world writable suid root permissions on timestamp
|
# v228 wrongly set world writable suid root permissions on timestamp
|
||||||
# files used by permanent timers. Fix the timestamps that might have
|
# files used by permanent timers. Fix the timestamps that might have
|
||||||
# been created by the affected versions of systemd (bsc#1020601).
|
# been created by the affected versions of systemd (bsc#1020601).
|
||||||
@ -718,23 +715,30 @@ done
|
|||||||
# This includes all hacks needed when upgrading from SysV.
|
# This includes all hacks needed when upgrading from SysV.
|
||||||
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
%{_prefix}/lib/systemd/scripts/upgrade-from-pre-210.sh || :
|
||||||
|
|
||||||
# Convert /var/lib/machines subvolume to make it suitable for
|
|
||||||
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
|
||||||
# to create it at installation time.
|
|
||||||
#
|
|
||||||
# The convertion might only be problematic for openSUSE distros
|
|
||||||
# (TW/Factory) where previous versions had already created the
|
|
||||||
# subvolume at the wrong place (via tmpfiles for example) and user
|
|
||||||
# started to populate and use it. In this case we'll let the user fix
|
|
||||||
# it manually.
|
|
||||||
#
|
|
||||||
# For SLE12 this subvolume was only introduced during the upgrade from
|
|
||||||
# v210 to v228 when we added this workaround. Note that the subvolume
|
|
||||||
# is still created at the wrong place due to the call to
|
|
||||||
# tmpfiles_create macro previously however it's empty so there
|
|
||||||
# shouldn't be any issues.
|
|
||||||
if [ $1 -gt 1 ]; then
|
if [ $1 -gt 1 ]; then
|
||||||
|
# Convert /var/lib/machines subvolume to make it suitable for
|
||||||
|
# rollbacks, if needed. See bsc#992573. The installer has been fixed
|
||||||
|
# to create it at installation time.
|
||||||
|
#
|
||||||
|
# The convertion might only be problematic for openSUSE distros
|
||||||
|
# (TW/Factory) where previous versions had already created the
|
||||||
|
# subvolume at the wrong place (via tmpfiles for example) and user
|
||||||
|
# started to populate and use it. In this case we'll let the user fix
|
||||||
|
# it manually.
|
||||||
|
#
|
||||||
|
# For SLE12 this subvolume was only introduced during the upgrade from
|
||||||
|
# v210 to v228 when we added this workaround. Note that the subvolume
|
||||||
|
# is still created at the wrong place due to the call to
|
||||||
|
# tmpfiles_create macro previously however it's empty so there
|
||||||
|
# shouldn't be any issues.
|
||||||
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
%{_prefix}/lib/systemd/scripts/fix-machines-btrfs-subvol.sh || :
|
||||||
|
|
||||||
|
# Should we mask tmpfs ? If tmp.mount was already installed in
|
||||||
|
# /usr/lib then this is a nop as sysadmin restored the unit
|
||||||
|
# most likely to use tmpfs (see %pre) otherwise mask the mount
|
||||||
|
# unit unless it's overriden by a tmp.mount unit installed
|
||||||
|
# either by sysadmin or fstab-generator.
|
||||||
|
systemctl start suse-disable-tmpfs-for-tmp.service || :
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
|